Hello OAuth

Goal: Confirm your OAuth access token works and you know what an OAuth 401 looks like.
Prep time: ~1 minute

What you’ll use

GET /flynet/v1/users/me/wallets with Authorization: Bearer <access_token>

The subject is resolved from your token, with no member ID in the path.

Code

const res = await fetch(
  "https://api.staging.blackbird.xyz/flynet/v1/users/me/wallets",
  { headers: { Authorization: `Bearer ${process.env.ACCESS_TOKEN}` } },
);

if (res.status === 401 || res.status === 403) {
  console.log(res.status, res.headers.get("www-authenticate"));
} else {
  console.log(res.status, await res.json());
}

curl -i "https://api.staging.blackbird.xyz/flynet/v1/users/me/wallets" \
  -H "Authorization: Bearer $ACCESS_TOKEN"

200 returns { "wallets": [...] } with one MEMBERSHIP and one SPENDING wallet. 401 returns an empty body with a WWW-Authenticate: Bearer header; the cause sits in that header, not in JSON. A 403 means your token is valid but lacks the read:wallets scope this route requires (error="insufficient_scope").

Don’t try to parse JSON on an OAuth 401/403; the body is empty. Inspect the WWW-Authenticate header for the reason, such as error="invalid_token" or error="insufficient_scope".

Next: Fetch a restaurant list: verify the API-key side of the credential model.

Get started Hello API Key

​Hello OAuth

​What you’ll use

​Code

Hello OAuth

What you’ll use

Code